1. 程式人生 > >各種語言HMAC SHA256實現以及Base64編碼注意事項

各種語言HMAC SHA256實現以及Base64編碼注意事項

語言包含:

  Javascript ,PHP,Java,Groovy,C#,Objective C,Go,Ruby,Python,Perl,Dart,Swift,Rust,Powershell。

Javascript HMAC SHA256


Run the code online with this jsfiddle. Dependent upon an open source js library calledhttp://code.google.com/p/crypto-js/.


<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/rollups/hmac-sha256.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.0.2/build/components/enc-base64-min.js"></script>


<script>
  var hash = CryptoJS.HmacSHA256("Message", "secret");
  var hashInBase64 = CryptoJS.enc.Base64.stringify(hash);
  document.write(hashInBase64);
</script>
PHP HMAC SHA256


PHP has built in methods for hash_hmac (PHP 5) and base64_encode (PHP 4, PHP 5) resulting in no outside dependencies. Say what you want about PHP but they have the cleanest code for this example.


$s = hash_hmac('sha256', 'Message', 'secret', true);
echo base64_encode($s);
Java HMAC SHA256


Dependent on Apache Commons Codec to encode in base64.


import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import org.apache.commons.codec.binary.Base64;


public class ApiSecurityExample {
  public static void main(String[] args) {
    try {
     String secret = "secret";
     String message = "Message";


     Mac sha256_HMAC = Mac.getInstance("HmacSHA256");
     SecretKeySpec secret_key = new SecretKeySpec(secret.getBytes(), "HmacSHA256");
     sha256_HMAC.init(secret_key);


     String hash = Base64.encodeBase64String(sha256_HMAC.doFinal(message.getBytes()));
     System.out.println(hash);
    }
    catch (Exception e){
     System.out.println("Error");
    }
   }
}
Groovy HMAC SHA256


It is mostly Java code but there are some slight differences. Adapted from Dev Takeout - Groovy HMAC/SHA256 representation.


import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.security.InvalidKeyException;


def hmac_sha256(String secretKey, String data) {
 try {
    Mac mac = Mac.getInstance("HmacSHA256")
    SecretKeySpec secretKeySpec = new SecretKeySpec(secretKey.getBytes(), "HmacSHA256")
    mac.init(secretKeySpec)
    byte[] digest = mac.doFinal(data.getBytes())
    return digest
   } catch (InvalidKeyException e) {
    throw new RuntimeException("Invalid key exception while converting to HMac SHA256")
  }
}


def hash = hmac_sha256("secret", "Message")
encodedData = hash.encodeBase64().toString()
log.info(encodedData)
C# HMAC SHA256


using System.Security.Cryptography;


namespace Test
{
  public class MyHmac
  {
    private string CreateToken(string message, string secret)
    {
      secret = secret ?? "";
      var encoding = new System.Text.ASCIIEncoding();
      byte[] keyByte = encoding.GetBytes(secret);
      byte[] messageBytes = encoding.GetBytes(message);
      using (var hmacsha256 = new HMACSHA256(keyByte))
      {
        byte[] hashmessage = hmacsha256.ComputeHash(messageBytes);
        return Convert.ToBase64String(hashmessage);
      }
    }
  }
}
Objective C and Cocoa HMAC SHA256


Most of the code required was for converting to bae64 and working the NSString and NSData data types.


#import "AppDelegate.h"
#import <CommonCrypto/CommonHMAC.h>


@implementation AppDelegate


- (void)applicationDidFinishLaunching:(NSNotification *)aNotification {
 NSString* key = @"secret";
 NSString* data = @"Message";


 const char *cKey = [key cStringUsingEncoding:NSASCIIStringEncoding];
 const char *cData = [data cStringUsingEncoding:NSASCIIStringEncoding];
 unsigned char cHMAC[CC_SHA256_DIGEST_LENGTH];
 CCHmac(kCCHmacAlgSHA256, cKey, strlen(cKey), cData, strlen(cData), cHMAC);
 NSData *hash = [[NSData alloc] initWithBytes:cHMAC length:sizeof(cHMAC)];


 NSLog(@"%@", hash);


 NSString* s = [AppDelegate base64forData:hash];
 NSLog(s);
}


+ (NSString*)base64forData:(NSData*)theData {
 const uint8_t* input = (const uint8_t*)[theData bytes];
 NSInteger length = [theData length];


 static char table[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";


 NSMutableData* data = [NSMutableData dataWithLength:((length + 2) / 3) * 4];
 uint8_t* output = (uint8_t*)data.mutableBytes;


 NSInteger i;
 for (i=0; i < length; i += 3) {
 NSInteger value = 0;
 NSInteger j;
 for (j = i; j < (i + 3); j++) {
 value <<= 8;


 if (j < length) {  value |= (0xFF & input[j]);  }  }  NSInteger theIndex = (i / 3) * 4;  output[theIndex + 0] = table[(value >> 18) & 0x3F];
 output[theIndex + 1] = table[(value >> 12) & 0x3F];
 output[theIndex + 2] = (i + 1) < length ? table[(value >> 6) & 0x3F] : '=';
 output[theIndex + 3] = (i + 2) < length ? table[(value >> 0) & 0x3F] : '=';
 }


 return [[NSString alloc] initWithData:data encoding:NSASCIIStringEncoding]; }


@end
Go programming language - Golang HMAC SHA256


Try it online in your browser with Play GoLang
crypto/hmac package
package main


import (
    "crypto/hmac"
    "crypto/sha256"
    "encoding/base64"
    "fmt"
)


func ComputeHmac256(message string, secret string) string {
    key := []byte(secret)
    h := hmac.New(sha256.New, key)
    h.Write([]byte(message))
    return base64.StdEncoding.EncodeToString(h.Sum(nil))
}


func main() {
    fmt.Println(ComputeHmac256("Message", "secret"))
}
Ruby HMAC SHA256


Requires openssl and base64.


require 'openssl'
require "base64"


hash  = OpenSSL::HMAC.digest('sha256', "secret", "Message")
puts Base64.encode64(hash)
Python (2.7) HMAC SHA256


import hashlib
import hmac
import base64


message = bytes("Message").encode('utf-8')
secret = bytes("secret").encode('utf-8')


signature = base64.b64encode(hmac.new(secret, message, digestmod=hashlib.sha256).digest())
print(signature)
Tested with Python 2.7.6. Also, be sure not to name your python demo script the same as one of the imported libraries.


Perl HMAC SHA256


See Digest::SHA documentation. By convention, the Digest modules do not pad their Base64 output. To fix this you can test the length of the hash and append equal signs "=" until it is the length is a multiple of 4. We will use a modulus function below.


use Digest::SHA qw(hmac_sha256_base64);
$digest = hmac_sha256_base64("Message", "secret");


# digest is currently: qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc


# Fix padding of Base64 digests
while (length($digest) % 4) {
    $digest .= '=';
}


print $digest;
# digest is now: qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc=
Dart HMAC SHA256


Dependent upon the Dart crypto package.


import 'dart:html';
import 'dart:convert';
import 'package:crypto/crypto.dart';


void main() {


  String secret = 'secret';
  String message = 'Message';


  List<int> secretBytes = UTF8.encode('secret');
  List<int> messageBytes = UTF8.encode('Message');


  var hmac = new HMAC(new SHA256(), secretBytes);
  hmac.add(messageBytes);
  var digest = hmac.close();


  var hash = CryptoUtils.bytesToBase64(digest);


  // output to html page
  querySelector('#hash').text = hash;
  // hash => qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc=
}
Swift HMAC SHA256


I have not verified but see this stackOverflow post


Rust


Take a look at the alco/rust-digest repository for Rust (lang) guidance. I have not verified yet.


Powershell (Windows) HMAC SHA256


Mostly wrapping of .NET libraries but useful to see it in powershell's befuddling syntax. See code as gist


$message = 'Message'
$secret = 'secret'


$hmacsha = New-Object System.Security.Cryptography.HMACSHA256
$hmacsha.key = [Text.Encoding]::ASCII.GetBytes($secret)
$signature = $hmacsha.ComputeHash([Text.Encoding]::ASCII.GetBytes($message))
$signature = [Convert]::ToBase64String($signature)


echo $signature


# Do we get the expected signature?
echo ($signature -eq 'qnR8UCqJggD55PohusaBNviGoOJ67HC6Btry4qXLVZc=')

----------------------------------------------------------------------------------------------------------------------------------------------------

用Base64編碼的時候如果出現\n 之類的字元,java中轉義。[摘點選開啟連結]

當字串過長(一般超過76)時會自動在中間加一個換行符,字串最後也會加一個換行符。導致和其他模組對接時結果不一致。

解決方法:

將 

android.util.Base64.encodeToString(input, Base64.DEFAULT)
換成
android.util.Base64.encodeToString(input, Base64.NO_WRAP);

PS:疊加使用Base64.URL_SAFE | Base64.NO_WRAP  去除\n 和 替換+ 和 - 號 

Android自身帶有Base64加密與解密的包,可以方便地加密密碼方便傳輸。

 String base64Token = Base64.encodeToString(token.trim().getBytes(), Base64.NO_WRAP);

 byte[] mmmm = Base64.decode(base64Token,Base64.DEFAULT);

 其中,Flags引數的意思如下:

CRLF 這個引數看起來比較眼熟,它就是Win風格的換行符,意思就是使用CR LF這一對作為一行的結尾而不是Unix風格的LF

DEFAULT 這個引數是預設,使用預設的方法來加密

NO_PADDING 這個引數是略去加密字串最後的”=”

NO_WRAP 這個引數意思是略去所有的換行符(設定後CRLF就沒用了)

URL_SAFE 這個引數意思是加密時不使用對URL和檔名有特殊意義的字元來作為加密字元,具體就是以-和_取代+和/